SHA256: cc1ea63125f4564523af3803db42c981ce306fac5f1a187ffd3a86dbc1cca06f
File name: vti-rescan
Detection ratio: 35 / 55
Analysis date: 2015-07-06 12:46:44 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.183868 20150706
Yandex Trojan.DownLoader! 20150630
AhnLab-V3 Backdoor/Win32.Plugx 20150706
ALYac Gen:Variant.Kazy.183868 20150706
Antiy-AVL Trojan/Win32.TSGeneric 20150706
Arcabit Trojan.Kazy.D2CE3C 20150706
Avast Win32:Malware-gen 20150706
AVG Pakes_c.AETG 20150706
Avira (no cloud) TR/Kazy.183868.1 20150706
AVware Trojan.Win32.Generic!BT 20150706
Baidu-International Trojan.Win32.Agent.QVN 20150706
BitDefender Gen:Variant.Kazy.183868 20150706
CAT-QuickHeal Backdoor.Plugx.r4 20150706
ClamAV Win.Trojan.PlugX-119 20150706
Comodo UnclassifiedMalware 20150706
DrWeb Trojan.DownLoader11.3227 20150706
Emsisoft Gen:Variant.Kazy.183868 (B) 20150706
ESET-NOD32 Win32/TrojanDropper.Agent.QVN 20150706
F-Secure Gen:Variant.Kazy.183868 20150706
Fortinet W32/Generik.MBFSCDS!tr.bdr 20150706
GData Gen:Variant.Kazy.183868 20150702
Ikarus Backdoor.Win32.Plugx 20150706
Kaspersky UDS:DangerousObject.Multi.Generic 20150706
McAfee Artemis!2BC9BFCC2127 20150706
McAfee-GW-Edition BackDoor-FBOE!885F177DE5B2 20150705
Microsoft Backdoor:Win32/Plugx.A 20150706
eScan Gen:Variant.Kazy.183868 20150706
NANO-Antivirus Trojan.Win32.DownLoader11.cuazat 20150706
Panda Generic Suspicious 20150706
Qihoo-360 Win32/Trojan.e2a 20150706
Rising PE:Trojan.Win32.Generic.1649058A!373884298 20150706
Sophos AV Mal/Generic-S 20150706
Symantec WS.Reputation.1 20150706
Tencent Win32.Trojan.Kazy.Huqb 20150706
VIPRE Trojan.Win32.Generic!BT 20150706
AegisLab 20150706
Alibaba 20150630
Bkav 20150706
ByteHero 20150706
Cyren 20150706
F-Prot 20150706
Jiangmin 20150703
K7AntiVirus 20150706
K7GW 20150706
Kingsoft 20150706
Malwarebytes 20150706
nProtect 20150703
SUPERAntiSpyware 20150706
TheHacker 20150706
TrendMicro 20150706
TrendMicro-HouseCall 20150706
VBA32 20150703
ViRobot 20150706
Zillya 20150706
Zoner 20150706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright JustSystem(C) 1992-2015
Product JustSystem PAN User Interface
Original name IntelligenttRANS.EXE
Internal name IntelligenttRANS.EXE
File version 6, 14080, 67, 8796
Description JustSystem Background Intelligent Transfer
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-16 01:51:07
Entry Point 0x0000208F
Number of sections 4
PE sections
PE imports
OpenMutexA
CreateMutexA
GetStartupInfoA
GetTempPathA
SizeofResource
CreateProcessA
GetModuleHandleA
LoadResource
LockResource
CreateDirectoryA
WriteFile
HeapAlloc
CloseHandle
CreateFileA
MultiByteToWideChar
GetModuleFileNameA
FindResourceA
GetProcessHeap
__p__fmode
_acmdln
srand
__dllonexit
_controlfp
_except_handler3
_onexit
exit
sprintf
strrchr
__setusermatherr
rand
__p__commode
_XcptFilter
__CxxFrameHandler
_adjust_fdiv
__getmainargs
_initterm
_setmbcp
time
_exit
__set_app_type
SHGetSpecialFolderPathA
GetSystemMetrics
AppendMenuA
EnableWindow
PostMessageA
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_STRING 1
WESAJEXJFJEJKSKEASE 1
DIDDIIREDDSHUEOAIEJL 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 15
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.14080.67.8796
UninitializedDataSize 0
LanguageCode Japanese
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 569344
EntryPoint 0x208f
OriginalFileName IntelligenttRANS.EXE
MIMEType application/octet-stream
LegalCopyright JustSystem(C) 1992-2015
FileVersion 6, 14080, 67, 8796
TimeStamp 2013:12:16 02:51:07+01:00
FileType Win32 EXE
PEType PE32
InternalName IntelligenttRANS.EXE
ProductVersion 6, 14080, 67, 8796
FileDescription JustSystem Background Intelligent Transfer
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName JustSystem Background Intelligent Transfer
CodeSize 8192
ProductName JustSystem PAN User Interface
ProductVersionNumber 6.14080.67.8796
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2bc9bfcc2127b50b703aeb4ac35556c5
SHA1 9b863f720571fa306d9395d32e1575e149bb4567
SHA256 cc1ea63125f4564523af3803db42c981ce306fac5f1a187ffd3a86dbc1cca06f
ssdeep 12288:yKfDgWulALVZkES0RgGEVhkyA7F3Xl5MB8vTOvcX6C1dcDbpOZZo+NjrDhWg6jr2:PffuCSMDidK
authentihash 34e5ec003e8c57b5920f9c0bba869f9bd90bce13f4d36e159fba0b5f01450948
imphash 2163375c968f0f68738f6e71a5184bcd
File size 568.0 KB ( 581632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe armadillo
VirusTotal metadata
First submission 2014-01-03 13:44:00 UTC ( 5 years ago )
Last submission 2015-07-06 12:46:44 UTC ( 3 years, 6 months ago )
File names IntelligenttRANS.EXE
9b863f720571fa306d9395d32e1575e149bb4567
cc1ea63125f4564523af3803db42c981ce306fac5f1a187ffd3a86dbc1cca06f
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications